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DETAILED ACTION 

The application having Application No. 10,067,446 has a total of 24 claims 
pending in the application; there are 4 independent claims and 20 dependent claims, all 
of which are ready for examination by the examiner. Claims 1-24 have been examined. 

Response to Arguments 

The 35 U.S.C. §112 rejection for claims 1-3, 8, 18 and 21 is withdrawn. 

Applicant argues that "The Kerberos article merely discloses to use two steps to 
gather authentication data". However, the reference clearly discloses that "authorization 
is gathered in two separate steps" (italics added by Examiner). Applicant argues that 
Kerberos does "not disclose to provide more than one copy of authorization data." The 
Kerberos article clearly states in the last paragraph on pg. 27 that "when the user 
requests a session ticket for a server, the KDC in the server's domain copies the 
contents of the TGT's authorization data field to the session ticket's authorization data 
field" (italics added by Examiner). Thus, there is clearly two copies of the authorization 
data. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 
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Claims 1-24 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Windows 2000 Kerberos Authentication White Paper, Microsoft Corporation, 1999 
(herein referred to as Reference 1). 

As per ciaim 1, Reference 1 depict a method of verifying client authorization 
when requesting content and/or services from an application server, comprising the 
steps of: 

generating a service ticket including a first copy of authorization data (pg. 27, para. 
5, lines 3-5; Reference 1 teaches that authorization data is gathered or generated in two 
separate steps (or copies), the first takes place when the KDC in a Windows 2000 
domain prepares a TGT.); and 

sending a second copy of the authorization data to a client (pg. 27, para. 4, lines 
4-6; Reference 1 teaches that authorization data is gathered or generated in two 
separate steps (or copies), the second takes place when the KDC in a Windows 2000 
domain prepares a session ticket); and 

sending the service ticket to the client (pg. 27, para. 4, lines 1-3). 

As per claim 2, Reference 1 depict the method as claimed in claim 1 , further 
comprising the step of: 

generating an AS_REP, including the service ticket and the second copy of the 
authorization data (pg. 27, para. 5, lines 1-4; pg. 27, para. 4, lines 4-6); and 

sending the AS_REP to the client (pg. 27, para. 5, lines 4-5). 

As per claim 3, Reference 1 depict the method as claimed in claim 1 , further 
comprising the steps of: 
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generating a ticket granting server reply (TGS_REP) including the service 
ticket (pg. 27, para. 6, lines 1-7), and 

sending the ticket granting server reply to the client (pg. 27, para. 6, lines 1-7). 
As per claim 4, Reference 1 depict the method as claimed in claim 3, further 
comprising the steps of: 

receiving an authentication server request (ASREQ) message from a client (pg. 27, 
para. 5, lines 1-2); 

generating an authentication server reply (AS_REP) message (pg. 27, para. 5, lines 1- 

4); 

sending the AS_REP to the client (pg. 27, para. 5, lines 2-5); 

receiving a ticket granting server request (TGS REQ) message from the client (pg. 
27, para. 6, line 1); and 

the step of generating the TGSREP including generating the TGSREP 
having two or more copies of authorization data including the second copy of the 
authorization data (pg. 27, para. 6, lines 1-7; pg. 27, para. 4, lines 4-6). 

As per claim 5, Reference 1 depict the method as claimed in claim 3, further 
comprising the steps of: 

generating an authentication server reply (AS_REP) message including the second 
copy of the authorization data (pg. 27, para. 5, lines 1-4; pg. 27, para. 4, lines 4-6); and 

sending the AS_REP to the client including the step of sending the second copy of 
the authorization data to the client (pg. 27, para. 5, lines 1-4; pg. 27, para. 4, lines 4-6). 
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As per claim 6, Reference 1 depict the method as claimed in claim 3, further 
comprising the steps of: 

configuring the second copy of the authorization data such that the second 
copy of the authorization data is used by the client (pg. 32, step 2; pg. 27, para. 4, lines 
4-6);. 

As per claim 7, Reference 1 depict the method as claimed in claim 6, further 
comprising the step of: 

encrypting the second copy of the authorization data using a client session key (pg. 32, 
step 2; pg. 27, para. 4, lines 4-6). 

As per claim 8, Reference 1 depict the method as claimed in claim 7, further 
comprising the step of: 

encrypting the service ticket using the server service key (pg. 32, step 2). 

As per claim 9, Reference 1 depict the method as claimed in claim 7, wherein the 
step of encrypting using the client session key including using the session key from a 
ticket granting ticket in an AS_REP (pg. 32, step 2). 

As per claim 10, Reference 1 depict the method as claimed in claim 6, further 
comprising the steps of: 

the client determining desired content (pg. 31 , para. 1 ); 

the client verifying the desired content with the second copy of the authorization data 
(pg. 32, step 1; pg. 27, para. 4, lines 4-6); 

the client generating a request for content (pg. 32, step 1); 

the client sending the request for content to a third party server (pg. 32, step 2); and 
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the third party server sending third party information to the client later used by 
the application server in determining client authorization for the requested content (pg. 
32, step 2). 

As per claim 1 1 , Reference 1 depict the method as claimed in claim 6, further 
comprising the steps of: 

receiving a key request (KEY_REQ) from the client (pg. 32, step 1); 
generating a key reply (KEY_REP) (pg. 32, step 2); 
forwarding the KEYJREP to the client (pg. 32, step 2); 
the client generating a request for content (pg. 32, step 1 ); 

the client verifying the request for content with the second copy of the authorization 
data (pg. 32, step 2; pg. 27, para. 4, lines 4-6); and 

the client sending the request for content to an application server if the client verifies 
there are no errors in the request for content (pg. 32, step 2). 

As per claim 12, Reference 1 depict the method as claimed in claim 6, further 
comprising the steps of: 

receiving a request for content (pg. 27, para. 5, lines 1-2); 

sending at least a portion of the requested content to the client (pg. 27, para. 5, lines 
4-5); and 

the step of configuring the second copy of the authorization data including 
configuring the second copy of the authorization data such that the client is capable of 
using the second copy of the authorization to determine at least an authorized use of 
the requested content (pg. 27, para. 4, lines 1-3; pg. 27, para. 4, lines 4-6). 
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As per claim 13, Reference 1 depict the method as claimed in claim 12, further 
comprising the steps of: 

the step of configuring the second copy of the authorization data such that the client 
is capable of using the second copy of the authorization to determine if the client is 
authorized to store the requested content (pg. 27, para. 4, lines 1-6). 

As per claim 14, Reference 1 depict the method as claimed in claim 13, further 
comprising the steps of: 

the step of configuring the second copy of the authorization data such that the client 
is capable of using the second copy of the authorization to determine if the client is 
authorized to play back the requested content (pg. 27, para. 4, lines 1-6). 

As per claim 15, Reference 1 depict a system for providing secure 
communication across the system, comprising: 

a key distribution center (KDC) first stage being configured to issue a ticket granting 
ticket (TGT) to a client (pg. 27, para. 5, lines 1-2); and 

a KDC second stage being configured to generate a ticket granting server reply 
including at least two copies of authorization data in response to a TGT received from 
the client (pg. 27, para. 6, lines 1-7; pg. 27, para. 4, lines 4-6). 

As per claim 16, Reference 1 depict the system as claimed in claim 15, further 
comprising: 

the client being configured to receive the ticket granting server reply and to utilize 
one copy of the authorization data to verify authorization (pg. 27, para. 6, lines 1-7). 
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As per claim 17, Reference 1 depict the system as claimed in claim 15, further 
comprising: 

the client being coupled with an application server, wherein the application 
server being configured to supply content to the client (pg. 27, para. 4, lines 1-3); and 

the client being further configured to use the one copy of the authorization 
data to verify authorized use of the content (pg. 27, para. 4, lines 3-7). 

As per claim 18, Reference 1 depict a system for providing a client with access to 
content and/or services, 
comprising the steps of: 

a means for generating a service ticket including a first copy of authorization 
data(pg. 27, para. 4., lines 3-6; pg. 27, para. 5, lines 3-5); 

a means for generating a ticket granting server reply including the service ticket and 
a second copy of the authorization data (pg. 27, para. 6, lines 1-7; pg. 27, para. 4, lines 
4-6); and 

a means for sending the ticket granting server reply to a client (pg. 27, para. 4, lines 1- 
3). 

As per claim 19, Reference 1 depict the system as claimed in claim 18, wherein 
the means for generating the ticket granting server reply includes a means for 
encrypting at least the second copy of the authorization data using a client session key 
(pg. 32, step 2; pg. 27, para. 4, lines 4-6). 

As per claim 20, Reference 1 depict the system as claimed in claim 19, wherein 
the means for encrypting at least the second authorization data includes a means for 
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encrypting at least the second copy of the authorization data such that the client is 
capable of decrypting and utilizing the second copy of the authorization data (pg. 32, 
step 2; pg. 27, para. 4, lines 4-6). 

As per claim 21, Reference 1 depict the system as claimed in claim 20, wherein 
the means for generating the service ticket includes a means for encrypting at least the 
first copy of the authorization data using a server key (pg. 32, step 2; pg. 27, para. 5, 
lines 3-5). 

As per claim 22, Reference 1 depict the system as claimed in claim 18, wherein 
the second copy of the authorization data being configured to allow the client to verify a 
request for services from an application server (pg. 27, para. 5, lines 1-8; pg. 27, para. 
4, lines 4-6). 

As per claim 23, Reference 1 depict the system as claimed in claim 18, wherein 
the second copy of the authorization data being configured to allow the client to 
determine authorized use of received content (pg. 27, para. 4, lines 1-3; pg. 27, para. 4, 
lines 4-6). 

As per claim 24, Reference 1 depict a system for providing secure 
communication across the system, comprising: 

a key distribution center (KDC) first stage being configured to issue a ticket granting 
ticket (TGT) and at least a client copy of authorization data to a client (pg. 27, para. 5, 
lines 3-5), 
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wherein the client copy of the authorization data is configured such that the client is 
capable of determining client authorization (pg. 27, para. 4, lines 1-6; para. 5, lines 1-8); 
and 

a KDC second stage being configured to generate a ticket granting server reply (pg. 27, 
para. 6, 1-3; pg. 27, para. 4, lines 4-6). 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications should be 
directed to Nima Khomassi whose telephone number is (571) 272-3775. The examiner 
can normally be reached Monday-Friday from 8:30 AM to 5:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron Jr., can be reached at (571) 272-3799. 
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The fax number for Formal or Official faxes to Technology Center 2100 is 571- 
273-8300. On July 15, 2005, the Central Facsimile (FAX) Number changed from 703- 
872-9306 to 571-273-8300. As of September 15, 2005, the former is no longer in 
service; the latter is the only facsimile number recognized for centralized delivery. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have any questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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